Skip to main content
  1. Home
  2. Computing
  3. News

Reddit hacker demands $4.5M and a change to new API rule

By

Ransomware group BlackCat has claimed responsibility for the cyberattack on Reddit in February and is now demanding a $4.5 million payment to prevent it from publishing 80GB of data that it claims to have stolen from the site.

But that’s not all, as the group, which is also known as ALPHV, is insisting that Reddit also reverse the API price changes that have caused so much controversy just recently.

Recommended Videos

In a message posted by the group this week, the perpetrator said: “We are very confident that Reddit will not pay any money for their data. But I am very happy to know that the public will be able to read about all the statistics they track about their users and all the interesting confidential data we took … In our last email to them, we stated that we wanted $4.5 million in exchange for the deletion of the data and our silence.”

Related

Several days after it learned of the February incident — described by Reddit as a “sophisticated and highly targeted” phishing attack — a spokesperson for Reddit confirmed that hackers had accessed some of the site’s internal documents, dashboards, code, and business systems. Data linked to current and former employees, company contracts, and some advertisers were also accessed. Passwords and other data connected to user accounts were not thought to have been compromised, Reddit said at the time.

BlackCat also wants Reddit to abandon its move to start charging third-party apps for API access, which could potentially cost some developers millions of dollars annually and force a number of popular ones to shut down. Many subreddits have been protesting about the changes, but Reddit’s top team seems intent on sticking to its plan.

BlackCat emerged in November 2021 and by July 2022 had compromised more than 100 organizations, according to Security Week. The group appears to have been quite active recently, too, launching an attack on Western Digital in March that apparently saw 10 terabytes of data stolen, while it also recently threatened to release data allegedly stolen from Amazon-owned video doorbell company Ring.

Editors’ Recommendations

Topics
Trevor Mogg
Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Hackers stole $1.5 million using credit card data bought on the dark web
A credit card is passed from one person to another.

In what sounds like a movie script, over $1 million was stolen by a group that made use of thousands of credit cards posted for sale on the dark web. Some of the details of this complex cybercrime operation have come to light following an indictment by the U.S. Department of Justice.

In the United States v. Trevor Osagie, the defendant has pled guilty to conspiracy to commit credit card fraud from 2015 to 2018. Osagie worked with a network of thieves and managed to rack up over $1.5 million in damages.

Read more
Hackers target your holiday shopping with new phishing scam
Woman using a laptop next to a latte.

It's easy to get fooled by this new and devious, holiday-themed phishing attack that offers free prizes. But the old caution that “if it sounds too good to be true, it probably is” continues to be proven correct in this case.

What makes this trick so effective is the elaborate methods used to conceal its nefarious purpose and to reassure you, the potential victim, that it’s perfectly OK to proceed. This phishing attack has actually been active since September and is ongoing, targeting holiday shoppers seeking special offers.

Read more
This dangerous new hacker tool makes phishing worryingly easy
Computer user touching on Microsoft Word icon to open the program.

Setting up phishing campaigns for Microsoft 365 has become a relatively straightforward process due to a phishing-as-a-service (PhaaS) platform named Caffeine.

As reported by Bleeping Computer, the service offers a way for cybercriminals to target individuals in order to obtain access to their Microsoft 365 accounts.

Read more